Yahoo's Zimbra flaw reveals users' passwords

Yahoo is suffering today from both a security breach and some serious embarrassment after it was discovered that their Zimbra e-mail client was exposing sensitive data. The flaw was discovered during a recent Yahoo University hack day where a Canadian programmer noticed that passwords of Yahoo's email accounts were being sent in plain text format through the Zimbra client due to a Yahoo IMAP server not supporting SSL encryption.

Reportedly, Yahoo was notified of the problem, but the company didn't give any feedback as to whether or not they were addressing the problem. Zimbra, however, has said that they have already fixed the issue upstream, and the next release of the client will come with a fix built-in. The recommendation for Zimbra/Yahoo account holders is to change their passwords immediately and stop using Zimbra until the next release is available.